- From: Sailesh Panchang <sailesh.panchang@deque.com>
- Date: Thu, 9 Feb 2017 12:46:04 -0500
- To: David MacDonald <david@can-adapt.com>
- Cc: Michael Pluke <Mike.Pluke@castle-consult.com>, EA Draffan <ead@ecs.soton.ac.uk>, WCAG <w3c-wai-gl@w3.org>, Jonathan Avila <jon.avila@ssbbartgroup.com>, Alastair Campbell <acampbell@nomensa.com>, Glenda Sims <glenda.sims@deque.com>, Gregg C Vanderheiden <greggvan@umd.edu>
Will moving SC 2.2.5 to Level A (or AA) be enough then in 2.1 instead of crafting out new wording? Content authors who attempt to meet 2.1 will meet this requirement unless they have compelling business / functional justification not to do so. Exceptions do not have to be listed out by the SC then. Sailesh On 2/9/17, David MacDonald <david@can-adapt.com> wrote: >>>I’d be happier to imagine a world where some users are unavoidably timed > out of sessions (for security reasons or reasons beyond their control) but > where they could *always* guarantee to re-enter the session at the same > point without having lost any entered information and choices made. > > Me too... I believe there were some difficulties in getting that through in > WCAg 2. We really tried, but security people shot it down...maybe this time > around we can scope out those situations that are concerning about storing > data that the user filled in... perhaps we could say something like > > "...preserving all of the data entered and steps completed by the user, and > allowing them to return to the step at which they were forcibly logged > out... if such data was stored and is retrievable." > > Cheers, > David MacDonald > > > > *Can**Adapt* *Solutions Inc.* > Tel: 613.235.4902 > > LinkedIn > <http://www.linkedin.com/in/davidmacdonald100> > > twitter.com/davidmacd > > GitHub <https://github.com/DavidMacDonald> > > www.Can-Adapt.com <http://www.can-adapt.com/> > > > > * Adapting the web to all users* > * Including those with disabilities* > > If you are not the intended recipient, please review our privacy policy > <http://www.davidmacd.com/disclaimer.html> > > On Thu, Feb 9, 2017 at 11:57 AM, Michael Pluke < > Mike.Pluke@castle-consult.com> wrote: > >> You are right that "preserving all of the data entered and steps >> completed >> by the user, and allowing them to return to the step at which they were >> forcibly logged out" is really the same as what SC 2.2.5 proposes – but >> unfortunately it is only AAA. However, Jason White is right when he >> highlights the importance of this aspect of the proposal and says it “is >> an >> aspect of the proposal that should be supported in relation to time >> limits >> for which it makes sense.” >> >> >> >> What might be good is to see if it is possible to break this out and >> “identify the time limits for which it makes sense”, include those in the >> scope, and create a new success criteria that elevates this to at least >> AA, >> preferably to A. >> >> >> >> I’d be happier to imagine a world where some users are unavoidably timed >> out of sessions (for security reasons or reasons beyond their control) >> but >> where they could *always* guarantee to re-enter the session at the same >> point without having lost any entered information and choices made. >> >> >> >> Best regards >> >> >> >> Mike >> >> >> >> *From:* Sailesh Panchang [mailto:sailesh.panchang@deque.com] >> *Sent:* 09 February 2017 16:21 >> *To:* David MacDonald <david@can-adapt.com> >> *Cc:* EA Draffan <ead@ecs.soton.ac.uk>; WCAG <w3c-wai-gl@w3.org>; >> Jonathan Avila <jon.avila@ssbbartgroup.com>; Alastair Campbell < >> acampbell@nomensa.com>; Glenda Sims <glenda.sims@deque.com>; Gregg C >> Vanderheiden <greggvan@umd.edu> >> *Subject:* Re: Timing Adjustable: does it apply to timeout from >> inactivity (no mouse, keyboard activity) >> >> >> >> If the user fails to convey activity or to respond to the 'Continue >> session?' dialog then it is ok to be timed out. >> If the application is going to permit one to extend session say a >> limited number of times, then it is important for the dialog to convey >> that. i.e. "Continue session? (8 attempts left)' >> >> I usually recommend pretty much what the WCAG says: "Warn the user >> before time expires and give the user at least 20 seconds to extend >> the time limit with a simple action (for example, "press the space >> bar"). Show this warning a few times as considered reasonable (WCAG >> suggests at least ten times)". >> Content authors can then balance security and accessibility requirements. >> >> By the way, I find some applications do a poor job of sensing >> activity and the popup appears even as one is interacting with an >> application: even apps that for which timing is not criticaal, like >> entering data into an online tax app as against an online ticket >> purchase site. >> >> Is what Jason requests, "preserving all of the data entered and steps >> completed by the user, and allowing them to return to the step at >> which they were forcibly logged out" not the same as what SC 2.2.5 >> suggests? >> Thanks and regards, >> Sailesh Panchang >> >> On 2/9/17, David MacDonald <david@can-adapt.com> wrote: >> >> If the suggested minimal activity were possible and there was some way >> of >> > alerting the user to the time passing, that would be a better solution >> than >> > not being able to complete the task, as long as the security experts >> > are >> > happy. >> > >> > In the scenario I'm interested in, the session says open while the user >> is >> > active in the program. It would only time out if they didn't interact >> with >> > the page for 15 minutes. So the clock is not counting down while they >> > are >> > interacting with the site, only when they are not interacting with it. >> > >> > Cheers, >> > David MacDonald >> > >> > >> > >> > *Can**Adapt* *Solutions Inc.* >> > Tel: 613.235.4902 <(613)%20235-4902> >> > >> > LinkedIn >> > <http://www.linkedin.com/in/davidmacdonald100> >> > >> > twitter.com/davidmacd >> > >> > GitHub <https://github.com/DavidMacDonald> >> > >> > www.Can-Adapt.com <http://www.can-adapt.com/> >> > >> > >> > >> > * Adapting the web to all users* >> > * Including those with disabilities* >> > >> > If you are not the intended recipient, please review our privacy policy >> > <http://www.davidmacd.com/disclaimer.html> >> > >> > On Thu, Feb 9, 2017 at 10:18 AM, EA Draffan <ead@ecs.soton.ac.uk> >> > wrote: >> > >> >> If the suggested minimal activity were possible and there was some way >> of >> >> alerting the user to the time passing, that would be a better solution >> >> than >> >> not being able to complete the task, as long as the security experts >> >> are >> >> happy. >> >> >> >> Best wishes >> >> E.A. >> >> >> >> Mrs E.A. Draffan >> >> WAIS, ECS , University of Southampton >> >> Mobile +44 (0)7976 289103 <+44%207976%20289103> >> >> http://access.ecs.soton.ac.uk<http://access.ecs.soton.ac.uk/> >> >> UK AAATE rep http://www.aaate.net/ >> >> >> >> >> >> ________________________________ >> >> From: David MacDonald [david@can-adapt.com] >> >> Sent: 09 February 2017 14:53 >> >> To: WCAG; Jonathan Avila; Alastair Campbell; Glenda Sims; Gregg C >> >> Vanderheiden >> >> Subject: Timing Adjustable: does it apply to timeout from inactivity >> >> (no >> >> mouse, keyboard activity) >> >> >> >> I've been asked to comment on the newly proposed "timed events" SC. >> >> (1) >> >> >> >> What are other evaluators doing with time outs from inactivity? I've >> >> been >> >> recommending a warning before 20 seconds before the time out "Do you >> need >> >> more time" with "yes/no" buttons. >> >> >> >> But if the session stays open as long as the user is active, one might >> >> argue that the user extended the time limit simply by clicking, >> >> scrolling, >> >> typing ... if they did *nothing* it would time out in 15 minutes, but >> >> by >> >> using the mouse/keyboard at least every 14:59, they could stay in >> >> their >> >> account for up to 150 minutes. >> >> >> >> It's a significant question, because if that is the case then I'd say >> >> there is more flexibility with COGA's requests, which would deal with >> >> a >> >> *truly* timed events rather than a simple inactivity logout. Security >> >> people worry about an abandoned computer left open to others to >> >> exploit >> >> and >> >> don't like extending inactivity logouts. >> >> >> >> Thoughts? >> >> >> >> ========== >> >> >> >> (1) https://github.com/w3c/wcag21/issues/14 >> >> >> >> >> >> Cheers, >> >> David MacDonald >> >> >> >> >> >> >> >> CanAdapt Solutions Inc. >> >> >> >> Tel: 613.235.4902 <(613)%20235-4902> >> >> >> >> LinkedIn >> >> <http://www.linkedin.com/in/davidmacdonald100> >> >> >> >> twitter.com/davidmacd<http://twitter.com/davidmacd> >> >> >> >> GitHub<https://github.com/DavidMacDonald> >> >> >> >> www.Can-Adapt.com<http://www.can-adapt.com/> >> >> >> >> >> >> >> >> Adapting the web to all users >> >> >> >> Including those with disabilities >> >> >> >> If you are not the intended recipient, please review our privacy >> >> policy< >> >> http://www.davidmacd.com/disclaimer.html> >> >> >> > >> >> >> >
Received on Thursday, 9 February 2017 17:46:44 UTC